Privacy Policy
ABC Taxis 247 Ltd
November 2023
Aim and scope of policy
This policy applies to the processing of personal data in manual and electronic records
kept by the Organisation in connection with its HR/Office Administration and Customer
Record Management CRM Booking system. It also covers the Organisation’s
response to any data breach and other rights under the General Data Protection
Regulation and current Data Protection Act.
This policy applies to the personal data of job applicants, existing and former
employees, apprentices, volunteers, placement students, workers and self-employed
contractors. These are referred to in this policy as relevant individuals.
“Personal data” is information that relates to an identifiable person who can be directly
or indirectly identified from that information, for example, a person’s name,
identification number, location, online identifier. It can also include pseudonymised
data.
“Special categories of personal data” is data which relates to an individual’s health,
sex life, sexual orientation, race, ethnic origin, political opinion, religion, and trade
union membership. It also includes genetic and biometric data (where used for ID
purposes).
“Criminal offence data” is data which relates to an individual’s criminal convictions and
offences.
“Data processing” is any operation or set of operations which is performed on personal
data or on sets of personal data, whether or not by automated means, such as
collection, recording, organisation, structuring, storage, adaptation or alteration,
retrieval, consultation, use, disclosure by transmission, dissemination or otherwise
making available, alignment or combination, restriction, erasure or destruction.
The Organisation makes a commitment to ensuring that personal data, including
special categories of personal data and criminal offence data (where appropriate) is
processed in line with GDPR and domestic laws and all its employees conduct
themselves in line with this, and other related, policies. Where third parties process
data on behalf of the Organisation, the Organisation will ensure that the third party
takes such measures in order to maintain the Organisation’s commitment to protecting
data. In line with current data protection legislation, the Organisation understands that
it will be accountable for the processing, management and regulation, and storage and
retention of all personal data held in the form of manual records and on computers.
We may collect and process the following data about you:
• Information you give us. You may give us information about you by filling in
forms on the App or Services Site, or by corresponding with us (for example,
by e-mail). This includes personal information and other information you provide
when you register to use the Services Site, download or register the App, book
a taxi or otherwise use any of the Services, make an in-App purchase, share
data via an App’s social media functions, enter a competition, promotion or
survey, and when you report a problem with an App or the Services Site. The
information you give us may include your name, address, e-mail address and
phone number, the Device’s phone number, age, username, password and
other registration information, personal description and photograph.
• Personal data is kept in personnel files or within the Organisation’s electronic
HR files.
If you contact us, we may keep a record of that correspondence.
• Information we collect about you and your Device. Each time you visit the
Services Site or use the App we may automatically collect the following
information.
• Technical information, including the type of mobile device you use, a unique
device identifier (for example, your Device’s IMEI number, the MAC address of
the Device’s wireless network interface, or the mobile phone number used by
the Device), mobile network information, your mobile operating system, the type
of mobile browser you use and time zone setting.
• Information stored on your Device, including contact information, friends lists,
login information, photos, videos or other digital content and check ins.
• Details of your use of the App or the Services Site including, but not limited to,
traffic data, location data, weblogs and other communication data, whether this
is required for billing purposes or otherwise and the resources that you access.
• Location information. We may also use GPS technology, wifi, cell phone
signals, ibeacons (which use Bluetooth) to determine your current location.
Some of our location-enabled Services require your personal data for the
feature to work. If you wish to use the particular feature, you will be asked to
consent to your data being used for this purpose. You can withdraw your
consent at any time by amending the operating system settings on your Device.
We also collect location information that you share with us using the App such
as pick-up, drop-off or street addresses that you have bookmarked using the
App.
• Information we receive from other sources. We are working closely with third
parties (including, for example, business partners, sub-contractors in technical,
payment and delivery services, advertising networks, analytics providers,
search information providers, credit reference agencies) and may receive
information about you from them.
• Our Booking Apps may collect personal information from you in order to fulfil
your service requests. This includes e-mail addresses, personal name, postal
address and contact numbers.
The booking apps may request access to your contacts list if you wish to use
the “buddy feature”. This allows us to send message to another person in your
contact list when you are using our service any personal information used is
only for the operation and fulfilment for service requested by you.
Uses Made of the Information
We use your information in the following ways:
• To provide you with the Services, including processing your booking requests with
Service Providers, processing your payments for those bookings and providing you
with customer support.
• To improve the Services, we provide to you and the App for example by personalising
the Services or making the booking process faster.
• To contact you and to provide information that you request from us, including service-
related messages (e.g. Reminders and messages notifying you when your taxi has
arrived).
• To display advertising or to send marketing directly to you in accordance with the law,
including ensuring that content is presented as effectively as possible for you and
creating reports to assist with future marketing.
• For our internal purposes, such as quality control, site performance, system
administration and to evaluate use of the App and the Services Site, so that we can
provide you with enhanced services.
• To notify you about changes to our services.
• To enable you to participate in any interactive features of the App and Services when
you choose to do so.
We may monitor your use of the App and Services Site and record your email
address and/or IP address, operating system and browser type, for system
administration and to report aggregate information to our advertisers. This is
statistical information about our users’ browsing actions and patterns and does not
identify any individual.
We collect non-personal aggregated statistics data about the App and Services Site
and sales and traffic patterns. Just to be clear, this information does not identify
users in any personal capacity and we do not use this information to build profiles on
individual users: it just contains generalised information about the users of the App
and Services Site.
We may associate any category of information with any other category of information
and will treat the combined information as personal data in accordance with this
policy for as long as it is combined.
Disclosure of Your Information
We may disclose your information:
• To third party Service Providers that provide the transportation services you
request using the App, including their contractors, so that they can perform
those services. This information includes your precise location, name,
telephone number and email address.
• To other third-party Service Providers that provide certain features and
functionality of the App, Services and Services Site, for example payment
processing services, mapping and location services and booking platform
service providers through which transportation Service Providers administer
and manage their bookings.
• To any member of our group, which means our subsidiaries, our ultimate
holding company and its subsidiaries, as defined in section 1159 of the
Companies Act 2006. All members of our group will comply with this privacy
policy.
We may also disclose your information to other third parties:
• In the event that We sell or buy any business or assets, in which case We may
disclose your personal data to the prospective seller or buyer of such business
or assets.
• If ABC Taxis 247 Ltd or substantially all of its assets are acquired by a third
party, in which case personal data held by it about its customers will be one of
the transferred assets.
• If We are under a duty to disclose or share your personal data in order to comply
with any legal or regulatory obligation or request.
• In order to:
o Enforce or apply the EULA, our Terms of Use, our contracts with Service
Providers and other agreements or to investigate potential breaches or
o Protect the rights, property or safety of , our customers, or others. This
includes exchanging information with other companies and
organisation’s for the purposes of fraud protection and credit risk
reduction.
Where We Store Your Personal Data
The data that We collect from you may be transferred to, and stored at, a destination
outside the European Economic Area (EEA). It may also be processed by staff
operating outside the EEA who work for us or for one of our suppliers. These staff may
be engaged in the fulfilment of your request, order or reservation, the processing of
your payment details and the provision of support services. By submitting your
personal data, you agree to this transfer, storing or processing. We will take all steps
reasonably necessary to ensure that your data is treated securely and in accordance
with this privacy policy.
All information you provide to us is stored on our secure servers. Any payment
transactions carried out by us or our chosen third-party provider of payment
processing services will be encrypted using Secured Sockets Layer technology.
Where We have given you (or where you have chosen) a password that enables you
to access certain parts of our Services Site, you are responsible for keeping this
password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure.
Although We will do our best to protect your personal data, we cannot guarantee the
security of your data transmitted to our Services Site; any transmission is at your own
risk. Once We have received your information, we will use strict procedures and
security features to try to prevent unauthorised access.
We may collect and store personal data on your Device using application data caches
and browser web storage (including HTML 5) and other technology.
Certain Services may include social networking or other interactive features. Please
ensure when using these features that you do not submit any personal data that you
do not want to be seen, collected or used by other users.
Your Rights
You have the right to ask us not to process your personal data for marketing purposes.
We will usually inform you (before collecting your data) if We intend to use your data
for such purposes or if We intend to disclose your information to any third party for
such purposes. You can exercise your right to prevent such processing by checking
certain boxes on the forms We use to collect your data. You can also exercise the right
at any time by contacting us using the contact information set out in the Contact Us
section.
Our Services Site may, from time to time, contain links to and from the applications
and websites of our partner networks, advertisers and affiliates (including, but not
limited to, websites on which the App or the Services are advertised). If you follow a
link to any of these websites, please note that these websites and any services that
may be accessible through them have their own privacy policies and that We do not
accept any responsibility or liability for these policies or for any personal data that may
be collected through these websites or services, such as contact and location data.
Please check these policies before you submit any personal data to these websites or
use these services.
Relevant individuals should refer to the Organisation’s privacy notice for more
information on the reasons for its processing activities, the lawful bases it relies on for
the processing and data retention periods.
Access to Information
This policy gives you the right to access information held about you. Your right of
access can be exercised in accordance with that Act. Any access request may be
subject to a fee to meet our costs in providing you with details of the information we
hold about you.
You may access, view and amend your account information by using the settings
feature within the App.
Procedures
The Organisation has taken the following steps to protect the personal data of relevant
individuals, which it holds or to which it has access:
• it appoints or employs employees with specific responsibilities for:
a. the processing and controlling of data
b. the comprehensive reviewing and auditing of its data protection systems
and procedures
c. overviewing the effectiveness and integrity of all the data that must be
protected.
There are clear lines of responsibility and accountability for these different roles.
• it provides information to its employees on their data protection rights, how it
uses their personal data, and how it protects it. The information includes the
actions relevant individuals can take if they think that their data has been
compromised in any way
• it provides its employees with information and training to make them aware of
the importance of protecting personal data, to teach them how to do this, and
to understand how to treat information confidentially
• it can account for all personal data it holds, where it comes from, who it is
shared with and also who it might be shared with
• it carries out risk assessments as part of its reviewing activities to identify any
vulnerabilities in its personal data handling and processing, and to take
measures to reduce the risks of mishandling and potential breaches of data
security. The procedure includes an assessment of the impact of both use and
potential misuse of personal data in and by the Organisation
• it recognises the importance of seeking individuals’ consent for obtaining,
recording, using, sharing, storing and retaining their personal data, and
regularly reviews its procedures for doing so, including the audit trails that are
needed and are followed for all consent decisions. The Organisation
understands that consent must be freely given, specific, informed and
unambiguous. The Organisation will seek consent on a specific and individual
basis where appropriate. Full information will be given regarding the activities
about which consent is sought. Relevant individuals have the absolute and
unimpeded right to withdraw that consent at any time
• it has the appropriate mechanisms for detecting, reporting and investigating
suspected or actual personal data breaches, including security breaches. It is
aware of its duty to report significant breaches that cause significant harm to
the affected individuals to the Information Commissioner, and is aware of the
possible consequences
• it is aware of the implications of international transfer of personal data.
Access to data
Relevant individuals have a right to be informed whether the Organisation processes
personal data relating to them and to access the data that the Organisation holds
about them. Requests for access to this data will be dealt with under the following
summary guidelines:
• a form on which to make a subject access request is available from Our Data
Controller Mohammed Fiaz via email fiaz@abctaxis247.co.uk.
• the Organisation will not charge for the supply of data unless the request is
manifestly unfounded, excessive or repetitive, or unless a request is made for
duplicate copies to be provided to parties other than the employee making the
request
• the Organisation will respond to a request without delay. Access to data will be
provided, subject to legally permitted exemptions, within one month as a
maximum. This may be extended by a further two months where requests are
complex or numerous.
Relevant individuals must inform the Organisation immediately if they believe that the
data is inaccurate, either as a result of a subject access request or otherwise. The
Organisation will take immediate steps to rectify the information.
For further information on making a subject access request, employees should refer
to our subject access request policy, available on request via our email sam-
travel1@outlook.com.
Data security
The Organisation adopts procedures designed to maintain the security of data when
it is stored and transported. More information can be found in the data transfer security
policy, available on request from fiaz@abctaxis247.co.uk.
In addition, employees must:
• ensure that all files or written information of a confidential nature are stored in
a secure manner and are only accessed by people who have a need and a right
to access them
• ensure that all files or written information of a confidential nature are not left
where they can be read by unauthorised people
• refrain from sending emails containing sensitive work related information to
their personal email address
• check regularly on the accuracy of data being entered into computers
• always use the passwords provided to access the computer system and not
abuse them by passing them on to people who should not have them
• use computer screen blanking to ensure that personal data is not left on screen
when not in use.
Personal data relating to employees should not be kept or transported on laptops,
USB sticks, or similar devices, unless authorised by Mohammed Fiaz, Company
Director. Where personal data is recorded on any such device it should be
protected by:
• ensuring that data is recorded on such devices only where absolutely
necessary
• using an encrypted system — a folder should be created to store the files that
need extra protection and all files created or moved to this folder should be
automatically encrypted
• ensuring that laptops or USB drives are not left lying around where they can be
stolen.
Failure to follow the Organisation’s rules on data security may be dealt with via the
Organisation’s disciplinary procedure. Appropriate sanctions include dismissal with or
without notice dependent on the severity of the failure.
International data transfers
The Organisation does not transfer personal data to any recipients outside of the EEA.
Breach notification
Where a data breach is likely to result in a risk to the rights and freedoms of individuals,
it will be reported to the Information Commissioner within 72 hours of the Organisation
becoming aware of it and may be reported in more than one instalment.
Individuals will be informed directly in the event that the breach is likely to result in a
high risk to the rights and freedoms of that individual.
If the breach is sufficient to warrant notification to the public, the Organisation will do
so without undue delay.
Training
New employees must read and understand the policies on data protection as part of
their induction.
All employees receive training covering basic information about confidentiality, data
protection and the actions to take upon identifying a potential data breach.
The nominated data controller/auditors/protection officers for the Organisation are
trained appropriately in their roles under data protection legislation.
All employees who need to use the computer system are trained to protect individuals’
private data, to ensure data security, and to understand the consequences to them as
individuals and the Organisation of any potential lapses and breaches of the
Organisation’s policies and procedures.
Records
The Organisation keeps records of its processing activities including the purpose for
the processing and retention periods in its Customer CRM Software and HR data
record. These records will be kept up to date so that they reflect current processing
activities.
Data Protection Officer
The Organisation’s Data Protection Officer is Mohammed Fiaz. He can be contacted
at fiaz@abctaxis247.co.uk.